CVE-2022-48890

Published: Aug 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force. Fix this by doing scsi_dma_unmap() in the case of an I/O submission error, which frees the bounce buffer memory.

Vendor	Product	Versions
Linux	Linux	affected `743b237c3a7b0f5b44aa704aae8a1058877b6322 - < 87c71e88f6a6619ffb1ff88f84dff48ef6d57adb` affected `743b237c3a7b0f5b44aa704aae8a1058877b6322 - < 67ff3d0a49f3d445c3922e30a54e03c161da561e`
Linux	Linux	affected `5.17` unaffected `0 - < 5.17` unaffected `6.1.7 - <= 6.1.` unaffected `6.2 - <= `

References

https://git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb

https://git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48890

Description

Affected Products

References